Monday, March 20, 2023
Advances in computing, storage and memory pave the way for a variety of innovations, from advanced sensor-fusion to autonomous driving and machine learning (ML). But with new technology come new threats, and as memory evolves, so does the opportunity for cybercrime.
In traditional compute settings, small, secret algorithms could be confined primarily to on-chip memory within secure processor enclaves. But in state-of-the-art artificial intelligence (AI) and ML algorithms, the large size of the dataset often means most of the data resides in off-chip dynamic random-access memory (DRAM). Unfortunately, this memory is easier for adversaries to attack. Concerns about “data as IP” also extend to multi-tenant environments, where multiple virtual machines (VMs) simultaneously share the same physical memory. So-called “cross-VM attacks” (e.g., rowhammer as a tool for denial-of-service or even privilege escalation) are of increasing concern.
Traditional endpoint security can’t defend against memory-based attacks because they can occur invisibly, external to the chip. For example, there are dozens of inline DRAM socket testers and traffic analyzers that could be repurposed for copying DRAM contents, inserting malicious traffic, or even replaying authentic-but-obsolete DRAM traffic.
Tradeoffs and ramifications
Cryptography remains the most effective tool for securing data, but as adversarial attacks advance, it becomes difficult to prioritize security (including data privacy, data authenticity, and data freshness) without compromising performance.
Symmetric protocols, such as the AES encryption protocol, are well suited to achieve data privacy—both for non-volatile “data at rest” and DRAM “data in motion.” Data authentication can be achieved using a combination of cryptographic hashing and asymmetric protocols combined with message authentication codes and authentication tags. By adopting data privacy combined with data authentication defenses, attackers are barred from seeing or modifying the data without detection—though the authentication process is often the reason a device’s operating system may take a second or two to load after power-on.
Data freshness is significantly more complicated. An advanced meta-data technique is required to detect and prevent the adversary from reverting a system to a less secure state. Accomplishing data privacy, authentication and freshness simultaneously is a difficult feat, and accomplishing them while maintaining performance speed is nearly impossible.
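The gap between authentication and freshness can be shown with a small model, added here as an illustration and not taken from the original article. It assumes HMAC-SHA256 as a stand-in for a hardware MAC engine and a hypothetical on-chip table of per-address write counters as the freshness metadata; encryption is left out so the replay case stands alone, and all data values are constructed.

```python
import hashlib
import hmac
import os


class ProtectedMemory:
    """Model: `dram` is attacker-accessible; the key and counters stay on-chip."""

    def __init__(self, use_counters):
        self.key = os.urandom(32)   # constructed on-chip MAC key
        self.use_counters = use_counters
        self.counters = {}          # on-chip: address -> write count
        self.dram = {}              # off-chip: address -> (data, tag)

    def _tag(self, addr, data):
        # Binding the address stops relocation; binding the counter stops replay.
        ctr = self.counters.get(addr, 0) if self.use_counters else 0
        msg = addr.to_bytes(8, "big") + ctr.to_bytes(8, "big") + data
        return hmac.new(self.key, msg, hashlib.sha256).digest()

    def write(self, addr, data):
        if self.use_counters:
            self.counters[addr] = self.counters.get(addr, 0) + 1
        self.dram[addr] = (data, self._tag(addr, data))

    def read(self, addr):
        data, tag = self.dram[addr]
        if not hmac.compare_digest(tag, self._tag(addr, data)):
            raise ValueError("integrity check failed")
        return data


def read_after(use_counters, scenario):
    """Return what the processor reads after the given off-chip interference."""
    mem = ProtectedMemory(use_counters)
    mem.write(0x1000, b"config=old")
    stale = mem.dram[0x1000]                 # authentic line recorded off-chip
    mem.write(0x1000, b"config=new")
    if scenario == "replay":
        mem.dram[0x1000] = stale             # obsolete but validly tagged
    elif scenario == "modify":
        mem.dram[0x1000] = (b"config=bad", mem.dram[0x1000][1])
    try:
        return mem.read(0x1000)
    except ValueError:
        return "rejected"
```

Without counters the modified line is rejected but the replayed line is accepted as `config=old`; with counters both are rejected, at the cost of keeping the counter state somewhere the adversary cannot reach.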
Cryptography isn’t a complete solution, however, as it cannot block an adversary from gaining access through a “back door.” Even with no explicit implementation errors of the cryptographic protocols, the most straightforward implementations don’t consider “side-channel” attacks, such as the correlation between the algorithm’s power consumption and secret key material.
Adversaries now expect that their data of interest is encrypted and that all software in a system is authenticated before execution. They can focus their attack techniques on side-channel recovery of key material of interest, or on bypassing authentication checks via software-based attacks that target a processor’s control-flow mechanisms.
Going for advanced cryptography
So, if cryptography comes with performance tradeoffs and still provides a “back door” for adversaries, how do we successfully secure memory? It’s clear cryptography must be both tamper-resistant and hardware-accelerated.
A tamper-resistant cryptographic hardware core, when integrated into an ASIC or FPGA design, invokes countermeasures against Differential Power Analysis (DPA), Differential Electromagnetic Analysis (DEMA), and Fault Injection Attacks (FIA). DPA-resistant cores integrate algorithmic-level countermeasures to provide the highest level of security, without compromising performance and power budget goals. Similarly, FIA-resistant cores both detect and counteract targeted “bit flips” in registers, flagging when an active FIA technique is observed and restricting it from impacting the cryptographic hardware core.
Tamper-resistant, hardware-based cryptography provides these countermeasures along with performance acceleration, allowing operations to occur much faster than in software—and allowing computational resources to be put toward enhancing security. For example, authentication checks of the code about to be executed within a security processor can assure control flow integrity, preventing adversarial exploitation of that attack surface via software-based attacks.
Cryptography alone isn’t enough to solve the memory security issue. Nevertheless, by leveraging hardware acceleration to minimize performance tradeoffs and utilizing tamper-resistant hardware to eliminate the most obvious side-channel attacks, adversaries will find off-chip DRAM memory systems can become as secure as legacy on-chip memory systems.
By: DocMemory